sync-pencil
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves ingesting data from external .pen design files to automate the generation and updating of React and Tailwind code. This workflow creates an attack surface where malicious instructions or structural patterns embedded in a design file could influence the agent's code generation output.
  - Ingestion points: Design data is processed via the `mcp__pencil` tool in workflows like `workflows/exhaustive-sync.md` and `workflows/pencil-to-code.md`.
  - Boundary markers: No explicit delimiters or system-level instructions are used to isolate design properties from the agent's operational logic or to warn the agent against executing instructions found within the data.
  - Capability inventory: The skill utilizes powerful tools including `Write`, `Edit`, `Glob`, `Grep`, and `playwright-cli` (which enables network and browser interaction).
  - Sanitization: There is no evidence of validation or sanitization of the extracted design properties before they are interpolated into code templates or written to the filesystem.
Audit Metadata